Redirecting file access through a http web server

ABSTRACT

The present invention provides for a system configured to redirect file access through a web server through the use of a symbolic link file. This symbolic link file is modified to include connection and authentication information of a file stored on a remote file system but is accessible through a web server. When the modified symbolic link file is accessed on a computer which is remote to the remote file system, the computer recognizes that the symbolic link requires an internet connection to the linked file. The computer establishes an internet connection to the web server using the connection and authentication connection information in the modified symbolic link file. The file is then accessed and downloaded from the web server. The computer accordingly is able to seamlessly access and open the modified symbolic link file as if it was an unmodified symbolic link file.

CROSS REFERENCE TO RELATED APPLICATION(S)

The present application is a continuation application of U.S. patent application Ser. No. 12/058,808 filed Mar. 31, 2008, entitled “REDIRECTING FILE ACCESS THROUGH A HTTP WEB SERVER,” which is hereby incorporated by reference in its entirety.

FIELD OF THE INVENTION

The present invention generally relates to a file system operating on a computer system. The present invention specifically relates to a system configured to enable redirected file access within a computer system through an HTTP web server.

BACKGROUND OF THE INVENTION

Symbolic links (commonly referred to as a symlink or “soft link”) are a special type of file that serves as a reference to another file or directory. Unix-based operating systems, in particular, feature symbolic links. Unlike a hard link, which points directly to data and represents another name for the same file, a symbolic link contains a path that identifies the target of the symbolic link. Thus, when a user removes a symbolic link, the file to which it pointed remains unaffected. A large advantage of symbolic links is that they operate transparently, meaning that programs that read or write to files named by a symbolic link behave as if operating directly on the target file.

In the current art, there are many cases where copying large files between computer systems is simply unfeasible. For example, a core dump from an operating system may result in data consuming gigabytes of space. Symbolic links are useful for accessing these large files, particularly because symbolic links may refer to files on other mounted file systems, allowing access to a large file on another file system without first requiring the transfer of the file. However, existing symbolic links do not allow access to files existing on a remote network.

For many organizations, the only way into their computer network from a remote location is through HTTP and their web servers. Such organizations would not entertain the idea of giving a user from another organization a trusted VPN connection into their internal network for the purpose of accessing a particular file. Furthermore, it is not feasible for the web server to use any kind of file network protocol (such as SAMBA), since there are too many security vulnerabilities and intractable problems such as remote authentication between untrusted domains.

What is needed is a way to allow remote access to files through a web server while utilizing the advantages of a symbolic link.

BRIEF SUMMARY OF THE INVENTION

The present invention provides a new and unique system configured for redirecting file access through a web server. This file access is accomplished by the use of a symbolic link, with the symbolic link being modified to enable an internet connection to the desired file via a web server.

In one embodiment of the invention, a symbolic link is created to access a file hosted on a remote workstation file system or file store. This file stored on the remote workstation may not be easily accessed at an external system due to its size or an inability to be accessed via an external network connection. The file on this file system or file store, however, is accessible by a web server, and the web server is accessible over the internet by computers in external networks.

The symbolic link is modified to include connection information to access the file through the web server such as the web server IP address or DNS name. This connection information may also be accompanied by authentication information, such as a username and password or other security authenticators. The modified symbolic link then is utilized within an external file system (the “local computing system”) which is remote to the workstation file system or store, with the local computing system having internet access to the web server.

When the symbolic link is accessed on the local computing system, the connection and authentication information contained within the symbolic link is processed by the local computing system to create a connection to the web server. Once the connection has been opened and authenticated, the file system driver on the local computing system redirects all I/O requests for the file through HTTP to the web server. For secure access to the file, the file system driver may optionally send requests using HTTPS.

In a further embodiment of the present invention, the local computing system contains a driver to distinguish between modified symbolic links and symbolic links in use for local files on the file system. This driver allows both symbolic links and modified symbolic links to be used on a file system, allowing applications to utilize unmodified symbolic links on the file system without interruption. In a further embodiment, the modified link may contain parameters used within the request to the web server to indicate a section of the file required by an application.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example implementation of an operating environment of the present invention; and

FIG. 2 illustrates a flowchart demonstrating an example operation of one embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

One aspect of the present invention introduces a new kind of symbolic link that can reroute file access requests through a web server. This allows the data to remain on the file system where it was generated, while facilitating the benefits of a symbolic link to allow a remote user to access the data as if it exists on the local file system. Further, through the use of a specialized file system driver according to a further aspect of the present invention, applications and existing symbolic links within the operating system continue to work as before without modification.

In one embodiment of the present invention, a symbolic link is modified to contain connection information to the web server which has access to the desired data. This connection information would typically include a URL and authentication information such as user name and password. This connection information placed within the symbolic link file gives the file system enough information to establish a remote connection, while allowing the symbolic link to appear as a regular symbolic link file in the file system.

The present invention utilizes symbolic links, which are well known in UNIX operating systems as a file reference to other files, similar to the use of “shortcuts” in Windows. In the present invention, the symbolic link refers to a file that is stored at a URI location (such as can be defined by a URL). In operation, HTTP or an equivalent communication protocol is used to access the file data using the symbolic link.

FIG. 1 depicts an example implementation environment of the present invention. As depicted, the file intended to be accessed 110 (the “target file”) exists on a volume 115 of remote workstation 120. The remote workstation is connected over a network 130 via a network switch or router 140 to the web server 140. A local computer 170 is depicted as being connected over the Internet 160 to the web server 150.

The remote workstation 120 has no special software running on it or special configuration other than allowing the web server 150 access to the desired file 110. However, in most deployments, it is unusual to allow a web server direct access to files of an internal workstation. In this case, the target file may need to be copied or moved to a location that is accessible to the web server.

The web server 150 responds to HTTP requests for the file or sections of the file coming from the local computer connected over the internet 160. This is accomplished through the use of a file proxy component 155 operating on the web server. The file proxy 155 on the web server 150 passes on I/O requests by opening and accessing the actual file on the remote workstation 120. Parameters may be passed in the HTTP request processed by the file proxy 150 to indicate the section of the file required by the requesting application.

On the local computer 170, an application 172 accesses the modified symbolic link 182 stored on a local disk volume 180, and is able to initiate access to the underlying file 110 as if it was stored on the local file system. The modified symbolic link 182 is like a regular symbolic link file in existing file systems, but is recognized as a modified symbolic link by a driver 174 operating on the local computing system 170. As sections of the file are accessed, the driver 174 redirects the I/O API calls through to HTTP (GET) requests on the web server 150.

FIG. 2 depicts a workflow utilized for configuring and initializing remote file access in accordance with one embodiment of the invention. The following workflow occurs after a file exists or is created on the remote system as in step 200.

1. Step 201: The first processing step occurs on the remote workstation where the target file exists. In an example where access is intended to be provided to a large core dump file, this would be the machine where the Virtual Machine or Operating System core dumped. On this remote machine, the user creates a modified symbolic link to the desired file. Unlike a regular symbolic link, this new kind of modified symbolic link is also a regular file that can be copied onto another system.

2. Step 202: The user takes steps to add connection information of the web server to the modified symbolic link file. In one embodiment, this may be performed by uploading the symbolic link file to the web server that is running a specialized software component, referred to as the “Web Server File Proxy”. In one embodiment of the present invention, the Web Server File Proxy operates to add the web server's DNS name to the symbolic link file, a generated URL unique for this file, and authentication information (which could be a time-limited user name and password). In other embodiments, this connection information may be manually added to the modified symbolic link file by a system administrator, or may be added by a standalone program.

3. Step 203: The now completed modified symbolic link file is provided to the user and is placed on the local computing system. This local computing system is remote to the remote workstation, but has an internet connection to a web server connected to the remote workstation.

4. Step 204: The modified symbolic link file now exists on the local computing system, and the modified symbolic link file is accessed using an application. In one embodiment, a specialized file system driver operates on the local computing system to recognize a modified symbolic link file when opened and accordingly establish a connection to the web server.

5. Step 205: File access is then achieved by opening the connection to the web server using the connection and authentication information contained within the modified symbolic link file. This authentication information is then passed to the web server and processed. Once the connection has been opened and authenticated, the file system driver on the local computing system redirects all I/O requests through HTTP to the Web Server File Proxy operating on the web server.

6. Step 206: The Web Server File Proxy operating on the web server passes on I/O requests by accessing and opening the actual file on the remote workstation. In principle, the forwarding of I/O requests could be chained together through several servers if, for example, the traffic needs to be routed through a DMZ-style deployment. In this case, two File Proxies would communicate to pass on I/O requests. One File Proxy would be in the DMZ and have an external facing IP address, while the second would be inside the protected zone.

As described above, the Web Proxy File System Driver operating on the local computing system must detect which files are modified symbolic link files and which are not. This could be achieved by embedding the metadata (DNS name, URL, authentication information, etc.) in a special stream if the file system supports this feature (for example, NTFS supports streams). Alternatively, the symbolic link file could be a regular text document and rely on a particular file extension for identification.

Because file system requests are routed through HTTP, standard web technology and security protocols may be utilized. For example, the file system proxy driver can open a secure (HTTPS) connection to the server that is further authenticated using client and/or server certificates. Secure connections may indeed be important since large files such as crash dumps can contain sensitive information including passwords and user names. These proxies are not required to use HTTP/HTTPS as their communication protocol, as they are optionally implemented with any equivalent communication protocol.
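
The driver-side handling described in steps 204 and 205 and in the two preceding paragraphs can be sketched as follows. This is an added example, not code from the specification: the `#!weblink-v1` marker, the key=value layout, the field names, the use of an HTTP Range header to select a file section, and Basic authentication are all assumptions made for illustration, and the host and credentials are constructed placeholders.

```python
import base64
import time
from urllib.parse import urlsplit

MAGIC = "#!weblink-v1"  # hypothetical marker identifying a modified link file

# Constructed sample link file: hypothetical layout, placeholder host and credentials.
SAMPLE_LINK = """#!weblink-v1
url=https://files.example.test/proxy/3f9c1a/core.dump
user=tmp-user
password=PLACEHOLDER
expires=4102444800
"""

class LinkError(ValueError):
    """Raised when a modified link must not be followed."""

def parse_link(text, now=None):
    """Return the link fields, or None when the file is not a modified link."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != MAGIC:
        return None  # ordinary file: the driver leaves its I/O untouched
    fields = dict(line.split("=", 1) for line in lines[1:] if "=" in line)
    url = urlsplit(fields.get("url", ""))
    # The link carries credentials, so refuse to send them over plain HTTP.
    if url.scheme != "https" or not url.hostname:
        raise LinkError("link carries credentials; only https is accepted")
    # Time-limited credentials: reject the link once the expiry has passed.
    if float(fields.get("expires", 0)) <= (time.time() if now is None else now):
        raise LinkError("time-limited credentials have expired")
    if "user" not in fields or "password" not in fields:
        raise LinkError("authentication information missing")
    return fields

def read_request(fields, offset, length):
    """Translate read(offset, length) into the GET request the driver would issue."""
    if offset < 0 or length <= 0:
        raise LinkError("invalid read range")
    cred = f"{fields['user']}:{fields['password']}".encode()
    return {
        "method": "GET",
        "url": fields["url"],
        "headers": {
            # Only the requested section of the large file is transferred.
            "Range": f"bytes={offset}-{offset + length - 1}",
            "Authorization": "Basic " + base64.b64encode(cred).decode(),
        },
    }
```

Because the link file is a regular file that can be copied between systems, anyone who obtains a copy holds the embedded credentials until they expire, which is why the sketch enforces both the scheme check and the expiry check before building any request.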

Although various representative embodiments of this invention have been described above with a certain degree of particularity, those skilled in the art could make numerous alterations to the disclosed embodiments without departing from the spirit or scope of the inventive subject matter set forth in the specification and claims.

1. A system for enabling file access redirection through a web server, comprising: a web server accessible via an authenticated internet connection; a file system hosting a file, wherein the file system is accessible by the web server; a computing system containing a symbolic link to the file, the symbolic link being modified to include connection information and authentication information for accessing the file through the web server, wherein the computing system is remote to the file system hosting the file, wherein the symbolic link is recognized with a driver on the computing system as containing a link to a file accessible via a web server, and wherein the computing system is connected and authenticated to the web server to enable access of the file responsive to establishing the authenticated internet connection with the connection information and authentication information contained within the symbolic link.